There are 3 ways you can enroll pre-programmed OATH hardware tokens into Entra ID
- Use Entra Admin Portal
- Use SafeID Token Service
- Use Graph API
Using the Entra Admin Portal is only suitable if you have only a small number of hardware tokens to manage, as the enrollment process using the Entra Admin Portal is a manual process.
Using the Safe Token Service (STS) is highly recommended if you have a large number of hardware tokens to manage, as STS has a powerful management portal that allows administrators or the help desk team to manage tokens (such as assign, un-assign, and re-assign tokens) in a few clicks. STS also has a self-service portal that allows users to self-enroll their tokens.
Using the Graph API is only suitable if all of your tokens will be self-enrolled by your users, as there is no UI for administrators or the help desk team to manage tokens.